[ISN] Identity Theft Malware Surges 600%

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=219400767

By Thomas Claburn
InformationWeek
August 19, 2009 07:02 PM

The indictment of Albert Gonzales of Miami, Fla., for allegedly hacking 
into corporate computers and stealing more than 130 million credit and 
debit cards may not have much impact on the identity theft underground.

In the first half of 2009, the number of computer users affected by 
malware engineered to steal personal information has risen by 600% 
compared to the January through June period in 2008, according to 
PandaLabs, part of computer security company Panda Security. In 
quantitative terms, Panda reports identifying 391,406 computers infected 
with identity-theft malware in the first six months of the year.

Luis Corrons, technical director of PandaLabs, speculates that the 
global economic downturn and the thriving black market for credit and 
debit card numbers and online account information is driving the 
creation of so much identity stealing malware. He also notes that the 
distribution of identity-theft malware through social networks and 
services like Facebook and Twitter is on the rise.

Panda reports receiving more than 35,000 new malware samples -- viruses, 
worms, Trojans and the like -- every day. Trojan software designed to 
steal bank details, credit/debit card numbers, or online account login 
names and passwords represents 71% of this total. That's up from 51% in 
2007.

Identity thieves are also seeking sensitive information through a more 
diverse set of targets. Where previously financial data thieves focused 
on spoofing online bank sites to dupe users into entering login 
information, they have recently been targeting a variety of services 
where payment account information may be stored or entered, like PayPal, 
Amazon, eBay, or charity sites.

[...]


________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org